I’ve looked over the policy and found most of the topics I was looking for. However, I can’t see where the topics below would be covered—can you clarify?
Individual user agreement (employee agreement/ responsibilities, often attached to hiring documents)
Reporting InfoSec Weaknesses and Events
Responding to InfoSec Reports
Rules for Use of E-mail